Procure with Purpose: 6 Steps to Secure a Future‑Proof Public Sector CMS
Discover how public sector procurement executives can cut through compliance hurdles, secure budget buy‑in, and champion accessibility.
Written by Morten Eriksen on
Modernizing your public sector website is both an IT upgrade and a strategic lever for transparency, service quality, and citizen trust.
To help public procurement professionals get started, we have organized the quest for a new CMS into six action‑oriented phases. Each is paired with executive “to‑do” actions.
Follow them and you will move from analysis to contract signing (and beyond) with speed, compliance, and confidence.
Or visit our focused, fully fledged checklist: What You NEED to Remember in Public Sector CMS Procurement »
1. Confirm Why the CMS Decision Matters
A future‑proof CMS streamlines editorial workflows, supports accessibility, and scales with traffic spikes. At the same time, data is kept safe and compliant with GDPR.
Executive actions
- Mandate that stakeholders quantify the cost of current pain points (e.g., publishing delays, accessibility gaps, public confidence).
- Add CMS selection to the digital strategy KPIs you review quarterly.
2. Lay the Strategic Groundwork
Start with a dual analysis: your website (audiences, top tasks, analytics) and your current CMS (strengths/deficits). Involve IT, communications, legal, and finance early via workshops to surface all needs and constraints.
Executive actions
- Approve budget for a baseline user experience audit.
- Appoint a cross‑functional steering group with decision rights.
- Require a RACI chart before the project moves to requirements drafting.
3. Write a Requirements Specification
Cover scalability, open APIs, security certifications (ISO 27001/SOC 2), GDPR tooling, SLAs, documentation, vendor solvency, and total cost of ownership. Map each requirement to the EU procurement principles of transparency, equal treatment, and proportionality.
Executive actions
- Demand that “must‑have” vs. “nice‑to‑have” features are explicitly tagged.
- Instruct finance to model five‑year TCO scenarios before sign‑off.
See also: Why Enonic Is the Low-Risk, High-Compliance Choice for Norwegian CMS Procurements »
4. Engage the Market Early and Fairly
Use a pre‑tender Request for Information (RFI) and publish a prior information notice on Doffin/TED to spark dialogue without breaching competition rules. The Norwegian SSA‑L contract is the de‑facto SaaS template for CMS services; have legal review.
Executive actions
- Host a vendor day; cap vendor presentations at 30 minutes each to keep parity.
- Approve minutes from every market‑dialogue meeting to ensure auditability.
5. Run a Transparent Tender and Rigorous Evaluation
Follow the timeline: publish, allow Q&A, evaluate, negotiate, award. Apply weighted criteria—price, functionality, UX, support, environmental impact. Then document the scoring matrix. Keep suppliers informed through the “Find a Tender” or Doffin platforms.
Executive actions
- Sign off the evaluation matrix before the tender goes live.
- Ensure legal performs a GDPR and intellectual‑property review prior to award.
6. Secure Adoption and Continuous Improvement
Budget for role‑based training (editors, IT admins, developers) and schedule an internal retrospective to codify lessons learned. Leverage public sector digital acquisition playbooks to embed agile governance and inclusive procurement practices in future cycles.
Executive actions
- Mandate that the vendor provides super‑user training within 30 days of go‑live.
- Require an annual value‑realization report tied to your original business case.
Final Thoughts
CMS procurement is legally complex. Public sector professionals should own the vision, impose disciplined governance, and engage the market transparently. The result will be a platform that delights citizens and withstands public scrutiny.
Start today by validating your pain points and empowering your team to execute the six steps above.
Want more in-depth guidance to public sector procurement? Read our guide:
Frequently asked questions
Why is it important to conduct market dialogue before launching a tender?
Market dialogue helps you understand the supplier landscape, uncover realistic requirements and alternative solutions, and ensure that the specification of requirements is relevant and feasible.
Should external advisors be considered in the procurement process?
External advisory services contribute with procurement expertise and experience, and can support you in navigating regulations, requirement specifications, and process structure. This is especially useful when internal capacity is limited.
How do you ensure that the CMS solution supports universal design on the website?
All public websites must follow the requirements for universal design, based on the WCAG 2.1 standard. This should be included in the requirements specification, and the supplier must be able to document how the solution is tested and revised for accessibility.
How do you ensure that the CMS solution is secure and protects information security?
Ask the supplier to document how they work with security, both technically and organizationally. Certifications such as ISO 27001 are a good indication that security is systematically ensured. In addition, you should request routines for updating, patching, and handling security incidents.
Which government standard contract should be chosen for CMS delivered as a service by a supplier?
For CMS delivered as a service (SaaS), it is generally recommended to use SSA-L (the government’s standard contract for ongoing services). This covers, among other things, requirements for service levels (SLA), follow-up, changes, and termination of the contract.
Morten Eriksen
Morten is the CEO and co-founder of Enonic. He has extensive experience as an entrepreneur focusing on areas like business development, product management, sales, and marketing. He started a digital agency in 1995 and built his first CMS in 1997, then founded Enonic in 2000 where his mission is to accelerate digital projects using innovative technology.